Summary
The remote host is missing an update to evolution
announced via advisory DSA 1325-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201325-1
Insight
Several remote vulnerabilities have been discovered in Evolution, a groupware suite with mail client and organizer. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-1002
Ulf Harnhammer discovered that a format string vulnerability in the handling of shared calendars may allow the execution of arbitrary code.
CVE-2007-3257
It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code.
For the oldstable distribution (sarge) these problems have been fixed in version 2.0.4-2sarge2. Packages for hppa, mips and powerpc are not yet available. They will be provided later.
For the stable distribution (etch) these problems have been fixed in version 2.6.3-6etch1. Packages for mips are not yet available. They will be provided later.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your evolution packages.
Severity
Classification
-
CVE CVE-2007-1002, CVE-2007-3257 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities